
A researcher has discovered a new crypto ransomware, known as Critroni, infecting hundreds of thousands of machines and demanding Bitcoin payment in order to decrypt personal files and avoid losing data.

The ransomware has been selling on the underground for nearly $3,000 and is now being used by a range of attackers through different vectors, including those using the Angler exploit kit to drop a spambot on a victim's computer. The spambot is capable of downloading Critroni onto the infected computer to encrypt a variety of files, such as photos, documents and databases.

A dialog box is then displayed on screen, alerting the user to the infection and prompting for a Bitcoin payment within the next 72 hours, before the data is scrapped.

The ransom payment is reportedly 0.5 BTC, around $300, for victims in the U.S., Canada and Europe, and 0.25 BTC for victims in other countries.

Researchers claim the ransomware is unique in that it is the first crypto ransomware seen using the Tor anonymizing network for command and control to disguise its communication.

Currently, Critroni is thought to primarily target English- and Russian-speaking countries.
